Edge Encryption error "Failed to load encryption rules"


Description

Edge Encryption Proxy Error "Failed to load encryption rules"


You start the Edge Encryption proxy and see an error similar to the following in the log file proxy_installation_location/logs/edgeencryption.log:

2017-01-27 10:39:58,744 ERROR Encryption rules for post were deleted from the ServiceNow instance. Contact support to restore the encryption rules.

2017-01-27 10:39:58,744 ERROR Failed to load encryption rules from the ServiceNow instance: Failed to load rules.

  

Cause

The Edge Encryption rules have failed validation with respect to syntax, signature, or deletion. 

The proxy keeps a local copy of the Edge Encryption rules in the encryptionconfiguration.json file and in the /rules folder (London and earlier) or /cache folder (Madrid and later) on the proxy.  The error occurs if there is a rules mismatch between the instance and the proxy.

If there is a validation problem, the trust is broken and the proxy only trusts its local copies until recovery.

Resolution

 

Remove the rules-related files from the proxy and obtain them from the instance.  Repeat this for each proxy on the instance, one proxy at a time.

  1. If the proxy is already running, shut it down.
  2. On the Edge Encryption proxy server machine, go to the directory proxy_installation_location/conf.
  3. Remove or rename the encryptionconfiguration.json file.
  4. Go to proxy_installation_location/rules (or proxy_installation_location/cache in Madrid and newer).
  5. Remove all of the rule-related files in this /rules or /cache directory.
  6. For example, the files in the /rules or /cache directory will usually be:
    1. encryptionGetRules.js
    2. encryptionPostRules.js
    3. getRulesSysIds
    4. postRulesSysIds
  7. Start the proxy again.
  8. The rules-related error should be gone, and a new encryptionconfiguration.json file and new rule files should be created from the instance in the /rules or /cache folder.
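
Steps 2 through 6 above as a shell function, added here as an example and not taken from ServiceNow's documentation or tooling. It moves the files into a backup directory (the backup path is a hypothetical choice) instead of deleting them, handles only the four file names listed in step 6, and assumes the proxy has already been shut down.

```shell
# Added example: steps 2-6 of the procedure, moving files aside instead of deleting them.
# Assumption: the proxy is already stopped (step 1); restarting it (step 7) is left to the operator.

# reset_edge_rules PROXY_HOME
# PROXY_HOME is proxy_installation_location. Prints the backup directory on success.
reset_edge_rules() {
    proxy_home=$1
    if [ -z "$proxy_home" ] || [ ! -d "$proxy_home/conf" ]; then
        echo "usage: reset_edge_rules proxy_installation_location" >&2
        return 2
    fi

    # Hypothetical backup location; any directory outside conf/, rules/ and cache/ works.
    backup="$proxy_home/rules-backup-$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup" || return 1

    # Step 3: move the local configuration copy out of conf/.
    if [ -f "$proxy_home/conf/encryptionconfiguration.json" ]; then
        mv "$proxy_home/conf/encryptionconfiguration.json" "$backup/" || return 1
    fi

    # Steps 4-6: London and earlier use rules/, Madrid and later use cache/.
    for dir in rules cache; do
        [ -d "$proxy_home/$dir" ] || continue
        mkdir -p "$backup/$dir" || return 1
        for f in encryptionGetRules.js encryptionPostRules.js getRulesSysIds postRulesSysIds; do
            if [ -e "$proxy_home/$dir/$f" ]; then
                mv "$proxy_home/$dir/$f" "$backup/$dir/" || return 1
            fi
        done
    done

    echo "$backup"
}
```

Any other rule-related files in the directory are left in place and still need to be removed by hand, as step 5 describes.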